Secondly, can you provide more information by empty() may introduce security holes.
2 questions: if and session's
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
Jcart wrote: Firstly, it's isset(), not is_set()..
Secondly, can you provide more information by empty() may introduce security holes.
Oh Mordred, you've been told. :-p
In Mordred's defense though, maybe he was thinking along the lines of is_int and is_string.
And the bad thing about empty is that if you call empty on a value that is 0 (as an integer, not a string), empty will return true.
isset() indeed, mea culpa. I'll try to abstain from posting when I'm sleepy 
Jcart wrote: Secondly, can you provide more information by empty() may introduce security holes.
No, I didn't mean that, I mean that security fixes may introduce new holes. This follows from the "age barrier" between time-tested mature code and "young" new code. It's happened a lot before (to me as to many others) and is definitely a thing to watch out for when you're a newbie developer. And it's not just about security holes but about generic "old-skool" bugs/bugfixes as well.
To answer the question (with "regular bug" substituted for "security hole"), a value of 0 will return true for isset() and false for !empty(), but of course you're well aware of that. As for how boss01 fixed the code - we can't tell without seeing it, that's why I ask him to post the new version again. Might be fixed, might have forgotten to plug a hole, might have introduced a new one. As I said, I've seen it happen before, it's just in the nature of the programming process.
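The isset() / !empty() difference discussed in this thread, shown on request-style input as an added example that is not part of any post. The field name `qty`, the helper `validQty()` and the sample values are assumptions made up for the illustration; the point is a validator that treats 0 as a legitimate value while still rejecting missing or malformed input.

```php
<?php
// Constructed sample input standing in for $_POST; not taken from the thread.
$samples = [
    'missing'  => [],
    'null'     => ['qty' => null],
    'int 0'    => ['qty' => 0],
    'str "0"'  => ['qty' => '0'],
    'empty ""' => ['qty' => ''],
    'str "7"'  => ['qty' => '7'],
    'str "7x"' => ['qty' => '7x'],
];

// Hypothetical helper: accept only a non-negative integer, including 0.
function validQty(array $in): ?int
{
    if (!isset($in['qty'])) {
        return null; // key absent or value null
    }
    $v = filter_var(
        $in['qty'],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]
    );
    // Strict comparison: filter_var() returns false on failure,
    // and a valid 0 must not be confused with it.
    return $v === false ? null : $v;
}

// Print a truth table: what each check says about each input.
printf("%-10s %-7s %-8s %s\n", 'input', 'isset', '!empty', 'validQty');
foreach ($samples as $label => $in) {
    printf(
        "%-10s %-7s %-8s %s\n",
        $label,
        var_export(isset($in['qty']), true),
        var_export(!empty($in['qty']), true),
        var_export(validQty($in), true)
    );
}
```

The rows to compare are the two zero inputs and the malformed `7x`: neither isset() nor !empty() alone separates "valid zero" from "garbage", which is why the helper checks presence and format separately.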